# # $Id$ # # This describes the behavior of this module with respect to the # /etc/pam.conf file. # # writen by Andrew Morgan # This module recognizes the following arguments. debug put lots of information in syslog. *NOTE* this option writes passwords to syslog, so don't use anything sensitive when testing. no_warn don't give warnings about things (otherwise warnings are issued via the conversation function) use_first_pass don't prompt for a password, for pam_sm_authentication function just use item PAM_AUTHTOK. try_first_pass don't prompt for a password unless there has been no previous authentication token (item PAM_AUTHTOK is NULL) rootok This is intended for the pam_sm_chauthtok function and it instructs this function to permit root to change the user's password without entering the old password. The following arguments are acted on by the module. They are intended to make the module give the impression of failing as a fully functioning module might. expired an argument intended for the account and chauthtok module parts. It instructs the module to act as if the user's password has expired fail_1 this instructs the module to make its first function fail. fail_2 this instructs the module to make its second function (if there is one) fail. The function break up is indicated in the Module Developers' Guide. Listed here it is: service function 1 function 2 ------- ---------- ---------- auth pam_sm_authenticate pam_sm_setcred password pam_sm_chauthtok session pam_sm_open_session pam_sm_close_session account pam_sm_acct_mgmt prelim for pam_sm_chauthtok, means fail on PAM_PRELIM_CHECK. required for pam_sm_chauthtok, means fail if the user hasn't already been authenticated by this module. (See stress_new_pwd data item below.) # # data strings that this module uses are the following: # data name value(s) Comments --------- -------- -------- stress_new_pwd yes tells pam_sm_chauthtok that pam_sm_acct_mgmt says we need a new password